Does every relatively recent (v12+)IOS support multiple snmp read/readwrite community strings, or does it depend on the specific version? Given the following device config, the device credentials in DCR are read1 and readwrite1, what could cause LMS to report read1 is ok, but readwrite1 is invalid on the device?
snmp-server community read1 RO 22
snmp-server community readwrite1 RW 33
snmp-server community read2 RO 22
snmp-server community readwrite2 RW 33
If the current running config displays as follows, would a "no access-list 33 remark * IPs allowed for read-write SNMP *" followed by "access-list 33 remark * IPs allowed for read-write SNMP *" put the remark in front of all the ACLs numbered 33?
access-list 33 permit 184.108.40.206
access-list 33 permit 220.127.116.11
access-list 33 remark * IPs allowed for read-write SNMP *
All IOS versions support multiple community strings. Assuming the problem is a timeout for the read-write community string, my thought would be the ACL 33. I assume that one of those addresses is your LMS server?
If you enter the command "no access-list 33 remark * IPs allowed for read-write SNMP *", that will remove the entire ACL 33. You will have to add back in all of the lines in the desired order after that. If you only entered, "access-list 33 remark * IPs allowed for read-write SNMP *" after the "no" command, then ACL 33 would only consist of the remark line.
A sniffer trace of the Device Credential Verification test would help determine if the problem is something other than the ACL.
It just occurred to me that particular device was discovered and added to DCR by Campus Manager. Upon a more careful look, I find CM 4.x Device Discovery isn't aware of the SNMP RW string, in contrast to CM 3.3 (IIRC). That explains my original issue, that's easily fixed by updating the device credential. Look forward to the default device credentials in LMS 3.0.
Correct, CM 4.0 does not pass a read-write credential into DCR (unless, of course, you use SNMPv3). The reason for this was that it was impossible to verify the read-write community string when using multiple community strings. It really doesn't work in 3.3, either in that MCS only applies to the read-only string.
As you noted, default credentials in LMS 3.0 will allow for this as well as other credentials like [telnet/SSH] username and password.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.